Given the importance of information security and the protection of personal
information in the advanced information and communications society, the Hotel
shall endeavor to appropriately manage and protect information owned by the
Company in accordance with the Hotel Okura Group’s Policy Concerning Information
Security and the Protection of Personal Information.

1. Compliance with Laws and Regulations, etc.
The Hotel shall comply with policies, guidelines, etc. prescribed in laws and
regulations and by administrative organs.

2. Establishment of a Management System
A management system shall be established within the Hotel and the division of
responsibilities shall be clarified.

4. Implementation of Safety Measures
The Hotel shall implement safety measures, and take preventative measures
against unauthorized access to information, and the loss, damage, fabrication,
divulgence, etc. of information.

5. Implementation of Training and Educational Activities
The Hotel shall promote training and educational activities and aim to acquire
knowledge and improve awareness with regard to information management, and to
plan thorough familiarization so that information is managed appropriately.

6. Coordination with Subcontractors
If work relating to information management is subcontracted to other companies,
then the Hotel shall select a party with adequate experience and capabilities,
shall prescribe matters concerning the duty of confidentiality in agreements and
shall ensure that information is managed appropriately.

9. Clarification of Inquiries Desk
The Hotel shall establish an inquiry desk in order to respond promptly in good
faith, to inquiries, complaints and requests from customers.

10. Publication of this Policy
The Hotel shall widely publish policies concerning information security and the
protection of personal information, including this Policy by posting it on its
website, etc.

Handling Reservation Records

The Hotel shall share reservation records with Hotel Okura Co., Ltd.
(hereinafter referred to as “HOC”), Okura Hotels & Resorts associated hotels
(hereinafter referred to as “OHR Member Hotels”), Hotel Okura Group companies
(hereinafter referred to as “Group Companies”), third party partner hotel groups
(hereinafter referred to as “Affiliated Hotels”), JAL Hotels (hereinafter
referred to as “JHC”) and JAL Hotels Chain Hotels (hereinafter referred to as
“JHC Chain Hotels”) in order to provide services closely related to travel such
as hotel, air travel, etc., publicize products and campaigns, and conduct work
associated thereto.

1. Management of Personal Information
The Hotel is critical of the importance of customers’ personal information
submitted by customers, and shall strictly manage such information using
computers, etc., paying close attention to the handling thereof.

2. Shared Information
The Hotel shall share reservation records within the following scope in order to
provide services closely related to travel such as hotel, air travel, etc.,
publicize products and campaigns, and conduct work associated thereto.

Shared data items: customers’ name, telephone number, address, email address,
age, gender, employer, etc., membership of an airline company and mileage
number, name of hotel at which the customer will stay, dates of stay, package
plan, fee, arrival time, requests, credit card number to guarantee reservations.

3. Provision of Reservation Records to Travel Agents
The Hotel shall provide the above information provided for in 2 to travel agents
if an inquiry is made based on a reservation number provided to the travel agent
by a customer.

5. Provision to Third Parties
In addition to the above outline, the Hotel shall not provide or disclose
reservation records and information to third parties unless customers have given
their consent or unless required in accordance with laws and regulations, etc.

6. Confirming Reservations
The Hotel shall issue a reservation confirmation letter concerning reservations
accepted by the Hotel following the finalization of a reservation by mail, fax
or email, etc. to the address, telephone number, fax number or email address
specified by customers. Furthermore, please note that when making reservations
via our website, an email message confirming the reservation will be sent to the
email address provided by the customer.

7. Inquiries, etc. Relating to Other Reservations
Inquiries and alterations concerning reservation records from customers who have
not made reservations with the Hotel or via the reservation center should be
made directly to the travel agent or facility, etc. that handled the
reservation.

Handling of One Harmony Membership Information

The Companies shall handle the personal information of OHM program Members as
follows.
1．Management of Personal Information
In operating the OHM system, the Companies recognize the importance of the
personal information submitted by Members, and shall treat such personal
information with the utmost care, and safeguard such information under a strict
computerized security system.

2．Usage of Personal Information
The Companies may use the personal information submitted by members for the
purpose of recording stay history, inclusion in membership cards, issuance of
membership cards, provision of hotel stay services, food and beverage services
and wedding services, provision of other services closely related to hotel
usage, giving of notices about promotional materials and questionnaires,
including those of the partner companies, and product development, OHM program
management, and related activities.
- Information used in common by the Companies and their affiliates: Membership
number, name, date of birth, gender, address, telephone number, fax number,
e-mail address, place of employment (company name, department, title, address,
telephone number, fax number, e-mail address), types of membership cards, types
of FFP, FFP membership number, FFP tier, stay history, reservation history,
communication history etc.
- Companies and Affiliates who use information: The Companies, OHM Facilities,
Hotel Okura Group companies (*1), JAL Group airline companies (*2), and JAL Card
Inc.

3.Provision of personal information to third parties
The Companies shall not provide Member's personal information to any third party
except when there is the prior consent of a Member or a prescription in these
Terms and Conditions and related rules and regulations, or it is required
pursuant to applicable laws.

4.Inquiries
Members' requests for changes to or deletions of their own registered personal
information or other inquiries shall be dealt with in a reasonably prompt manner
upon personal enquiry by a Member.

Handling Online Members Information

The Hotel shall together with Hotel Okura Co., Ltd. (hereinafter referred to as
“HOC”), Okura Hotels & Resorts associated hotels (hereinafter referred to as
“OHR Member Hotels”), Hotel Okura Group companies (hereinafter referred to as
“Group Companies”), JAL Hotels (hereinafter referred to as “JHC”) and JAL Hotels
Chain Hotels (hereinafter referred to as “JHC Chain Hotels”), handle personal
information on online members in the following manners.
* Online members refer to members who have registered with Okura Hotels &
Resorts and/or JAL Hotels and are issued online reservation IDs.

1. Management of Personal Information
The Hotel is critical of the importance of members’ personal information
submitted by members, and shall strictly manage such information using
computers, paying close attention to the handling thereof.

2. Shared Information
The Hotel shall, together with HOC, OHR Member Hotels, Group Companies, JHC and
JHC Chain Hotels share personal information provided by members in order to
provide hotel services and services closely related to hotels, provide
advertising and promotional materials and questionnaires, including that
relating to affiliated companies, conduct product development and work
associated thereto.

3. Inquiries, etc. Relating to Personal Information
The Hotel shall promptly respond within a reasonable scope if a member contacts
the Hotel’s inquiry desk with an inquiry or request to alter or suspend the use
of their personal information. In addition, the Hotel’s inquiry desk shall
accept feedback relating to the handling of personal information.

4. Provision of Personal Information to Third Parties
The Hotel shall not provide or disclose personal information to third parties
unless members have given their consent in advance, or disclosure is prescribed
in these rules, or required in accordance with laws and regulations, etc.

Handling of Other Personal Information on Reservation Records, Okura Club
International Members and Online Members

In addition to personal information in reservation records, personal information
on Okura Club International members and personal information on online members,
the Hotel handles personal information received directly from customers and
personal information from travel agents and companies which have entered into
agreements with the Hotel in the following manners.

1. Protection and Management of Personal Information
The Hotel places importance on the protection of customers’ personal information
provided by customers and pays close attention to the handling of such
information.

2．Purpose of Use of Personal Information
Personal information provided shall be used within the scope necessary to
achieve the following purposes.

- To provide appropriate services according to requests from customers based on
past usage information at the Hotel and Okura Hotels & Resorts associated hotels
(hereinafter referred to as “OHR Member Hotels”)
- To provide details regarding the Hotel
- To provide details and information on the Hotel’s accommodation, weddings,
banquets, restaurants, health clubs, hotel products and new product package
plans/events/various privileges in cultural programs, etc.
- To operate membership activities such as enrollment in JAL Hotels Chain
Hotels’ (hereinafter referred to as “JHC Chain Hotels”) and third party partner
hotel groups’ (hereinafter referred to as “Affiliated Hotels”) membership
organizations or grant points to members, redeem prizes, etc.
- To analyze responses to questionnaires to improve services and for marketing
purposes at the Hotel, OHR Member Hotels, JHC Chain Hotels and Affiliated Hotels
- To conduct marketing activities for Hotel Okura Co., Ltd. (hereinafter
referred to as “HOC”)
- If customers have agreed in cases other than the above, and when the Hotel,
HOC, OHR Member Hotels, JHC Chain Hotels and Affiliated Hotels deem it necessary
to contact customers

3. Personal Information Inquiries, Alterations and Suspension of Use
The Hotel shall promptly respond within a reasonable scope if a customer
contacts the following section directly regarding the disclosure, amendment and
suspension of use of personal information managed by the Hotel from part of
personal information wholly owned by the Hotel.

4. Provision and Disclosure of Personal Information
Personal information shall not be provided or disclosed to third parties except
when falling under any of the following circumstances.

- When shared between OHR Member Hotels, JHC Chain Hotels, Affiliated Hotels and
HOC Group Companies
- When outsourcing having first entered into agreements so that contractors do
not use personal information other than for work outsourced by the Hotel
- When customers have given consent in advance
- When required in accordance with laws and regulations

5. Personal Information in Links to External Websites
The Hotel shall assume no management responsibility whatsoever for the gathering
of personal information conducted by other companies’ websites introduced on the
Hotel’s website.

6. Data Protection
The website uses SSL (Secure Sockets Layer) encryption technology on all pages
in which personal information is inserted as a safety measure when gathering
customers’ personal information. As a result, it encrypts the data traveling
across the Internet and prevents data leaks.

7. Privacy Policy Revisions
Significant modifications to this Policy shall be announced on this website.
Please check the website on a constant basis for up-to-date information on other
changes. Please note that the Hotel shall assume no responsibility whatsoever
for trouble resulting from failure to make such checks.

SSL

SSL (Secure Sockets Layer) refers to the protocol for encrypting and
transmitting information over the internet. SSL is a security function that aims
to protect important information such as personal information transferred over
the Internet from theft, fabrication and phishing by third parties. On the
Hotel’s website the accommodation reservation page for inserting personal
information is an SSL secure page. (Certain pages allow users to select non-SSL
communication.)

1. Importance of SSL
The encryption of protocols currently used on the internet is not regulated and
thus third parties are able to insert line monitors, PCs, etc. into lines to
view information that crisscrosses the Internet. The internet is a network made
up of interconnecting websites and a number of relay sites exist between access
points and users, making it difficult to grasp whether a site is safe. For this
reason, the Hotel’s website prevents eavesdropping, etc. by third parties by
utilizing secure communication using SSL when transmitting important
information, especially personal information, etc. over the Internet.

2. SSL Structure
SSL first conducts electronic authentication between the Hotel and customers
prior to customers sending personal information (digital certificates and
digital signatures), and transmits data after conducting cross certification. In
doing so, exchanges between Okura Garden Hotel and customers are disturbed by
random digits, and false transmissions to third parties posing as customers who
attempt to steal data are prevented. Furthermore, information transmitted using
SSL is encrypted using a method which combines two types of encryption methods;
public key encryption (RSA) and symmetric key encryption (private key
cryptography). An electronic “key” is required to decipher this information.
Even if information is intercepted by third parties, it is impossible to decrypt
encrypted information without the correct key. While there are a finite number
of keys, it is extremely difficult for third parties to decrypt information as
it requires an unrealistically long time, even if work is conducted
computationally using a computer, etc., to find the right key by testing all
keys in turn.

3. SSL Enabled Browsers
A special configuration is not necessary in order to use SSL. SSL functions
automatically when using SSL enabled browsers such as Internet Explorer,
Netscape Communicator, etc. in their default configuration. It may not be
possible to access SSL secure pages or enter information when using browsers
that do not support SSL.

* It may not be possible to transmit information using SSL due to FireWall
configurations if the customer is connected to the internet via a FireWall on an
internal LAN such as a LAN within a company.

4. Data Protection
The website operated by the Hotel uses SSL (Secure Sockets Layer) encryption
technology on the online members’ page, the credit card payment page and other
pages in which personal information is inserted as a safety measure when
gathering customers’ personal information. As a result, it encrypts data
traveling across the information and prevents data leaks.

This document is posted for the provision of information to customers. It does
not recommend, request, or demand the use or otherwise of specific software
products.

Use of Cookies

The Hotel may send information called cookies to customers’ computers in order
to improve user-friendliness for customers.

Customers may change their browser’s settings and reject cookies, and warning
messages can be displayed when accepting cookies. Virtually all the Hotel’s
website services can be used without browsers accepting cookies, however, please
note that certain services cannot be used without cookies when making
accommodation reservations.

When undergoing reservation, inquiry, member registration and other formalities at Garden Hotel Shanghai Website (hereinafter referred to as “this Website”), please enter guests’ personal information and register them into database. The registered information is only for the usage of Okura Garden Hotel Shanghai and Okura Hotels & Resorts and its affiliated hotels to provide better services to guests.

1. When entering personal information

When applying for various items at our website, please enter corresponding personal information according to needs of each service and arrangement.

2. Usage of personal information

The above registered and entered data will be used in the following circumstances.
• Arrangements - Arrangement Application Form is used for various services including making arrangements, delivering materials, returning goods, and answering inquires.
• Sending electronic magazine via E-mail
Information and introduction about conferences and events, cuisine tasting fairs, accommodation plans will be provided to guests who have ticked on Arrangement Application Form to allow receiving latest information, and guests who have applied for electronic magazines. At any time it can be arranged to change registered information or stop sending electronic mails.
• Other information for contact - Other Information will be sent via mail, phone call, and letters when our Company deems it necessary to notify the guest.

3. Management of personal information

Database records personal information of guests who have used this Website, and is managed by management personnel in our Company and entrusted business agency which has signed contract with our Company.
Apart from being used for sending electronic magazine to guests, guests’ mail addresses will also be used by Okura Hotels & Resorts and other affiliated hotels to send mails to guests, at the time of which personal information other than mail address will not be disclosed. In the following cases information might be disclosed to a third party.
• In order to serve guests, when it is deemed necessary to disclose information and share information.
• In order to serve guests, when companies that have signed contract with our Company deems it necessary.
• When disclosing personal information, it is necessary to obtain consent for guests.
• When it is necessary to accept official inquiry as required by law at public institutions such as police station or court.
• In addition, when it is necessary to make contact at the time of significant or emergency event relating to guests, our Company, or a third party.

4. Usage of statistics information

Information of guests who have used this Website, excluding personal information, will be used as statistics information. The information will only be used as data for marketing.

5. Usage of Cookie system

This Website uses Cookie system. Depending on browser setup, it is possible to remove functions of cookie system, but this will result in your inability to use some service items on our Website.

6. Login access record

Our Website keeps login access records of all visitors. Login access records include name of visiting area and IP address, type of browser being used, visiting date and time, and the accessed web pages, etc., the records do not contain specific personal information. Login access record will only be used for maintenance and management of this Website, and statistics analysis of usage conditions.

7. Revision of privacy

When this right undergoes significant change, there will be notices on this Website. Regarding change of other matters, please confirm the latest information on this Website. We request users’ understanding that it is difficult for us to assume any obligation for disputes arising from unconfirmed matters.